Overview

overview

10

Static

static

10

4f1ab4c8ec...484763

debian-9-armhf

7

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    19/12/2023, 23:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4f1ab4c8ec283e0d855d7ad90b484763

  • Size

    135KB

  • MD5

    4f1ab4c8ec283e0d855d7ad90b484763

  • SHA1

    13048e8e56f1590f49254e3b3812fc6ddb0cb1b5

  • SHA256

    637897db32a41a813915cba517c2b58712ce3ee972fc5638788ef4096c092d77

  • SHA512

    36a1c6a681fc77f9baff9c39eb46b58a105356ec0a311ebaf147d7d63ea60c18f553baf22fb472dd2c8cd399be94fcbdaeed92454de39eee2fcf025db8143706

  • SSDEEP

    3072:61rFAW6acuV36bzJOVXVsNqorMwEEkmhxQwoV3UNu:OX6acuVVXVsNq1EkmhxQwoV3UNu

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/4f1ab4c8ec283e0d855d7ad90b484763
    /tmp/4f1ab4c8ec283e0d855d7ad90b484763
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:649

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads